Facebook had initially said that only tens of thousands of users were affected by the bug and has now updated to millions. It plans to notify those affected but has no precise number to share.

Facebook’s password-related security incident, which was revealed last month, affected “millions” of Instagram and not “tens of thousands” of users first informed by the social media giant. In an updated blog post first published on March 21, Facebook has changed the information to reflect millions of Instagram users might have been affected as opposed to tens of thousands as thought previously. The revelation further raises concerns about Facebook’s privacy policy and its ability to protect billions of people who use its services every day around the world.

“We discovered additional logs of Instagram passwords being stored in a readable format,” the company said in the updated blog post. “We now estimate that this issue impacted millions of Instagram users. We will be notifying these users as we did the others. Our investigation has determined that these stored passwords were not internally abused or improperly accessed.” While Facebook has confirmed plans to notify those affected by the issue, it has not clarified how the number of affected users was determined and has also not shared how many millions of users were affected.

Also Read

The update comes after Facebook admitted last month that it had inadvertently stored “hundreds of millions” of user account passwords in plaintext for years. It said that the record dated as far back as 2012. The social media giant also confirmed that the encrypted passwords were stored in logs accessible to nearly 2,000 engineers and developers. The data was, however, not leaked outside of the company and Facebook has not explained how the big occurred in the first place.

Watch: Xiaomi Redmi Note 7 Pro First Look

TechCrunch reports that Facebook does not have “a precise number” to share just yet and is also not sharing the exact timeline for additional discovery, being announced now. Facebook first admitted to storing “hundreds of millions’ of account passwords in plaintext after it was first reported by cyber-security reporter Brian Krebs. Facebook added that it first discovered user passwords being stored in plaintext in January as part of a routine security review.